<?php session_start(); ?>
<?php include ("../inc/db_config.inc"); ?>
<?php
$ref=$_SERVER['HTTP_REFERER'];
if(isset($_REQUEST['username'])&&$_REQUEST['username']!=""){
    $u=$_REQUEST['username'];
}else{
    echo "请输入用户名<script type='text/javascript'>setTimeout(function(){window.location.href='$ref'},1000)</script>";
    return false;
}
if(isset($_REQUEST['password'])&&$_REQUEST['password']!=""){
    $p=$_REQUEST['password'];
}else{
    echo "请输入密码<script type='text/javascript'>setTimeout(function(){window.location.href='$ref'},1000)</script>";
    return false;
}

$result=mysql_query("select * from user where username='$u' and password='$p'");
if(mysql_affected_rows()>0){
    $row=mysql_fetch_array($result);
    $uid=$row['id'];
    $_SESSION['uname']=$u;
    $_SESSION['uid']=$uid;
    echo "登录成功<script type='text/javascript'>setTimeout(function(){window.location.href='index.php'},1000)</script>";
}else{
    echo "登录失败<script type='text/javascript'>setTimeout(function(){window.location.href='$ref'},1000)</script>";
}
?>